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Amendments to the Claims : 

1. (Currently Amended) A method comprising: 

providing a plurality of security policies to be applied to traffic at least one of to or from 
a host , wherein each security policy includes an application instance identifier associated with a 
security service, at least two application instance identifiers being associated with different 
security services that operate according to different protocols at different layers of a multi- 
layered protocol stack; and 

creating at least one a plurality of security association associations , wherein the at least 
eae -two security association is associations being created based upon at least one respective, 

thereby create a centralized key store including the plurality of security policies and the at least 
ene-security association associations, at least one of the security associations being created 
according to a key management protocol that differs from the protocols according to which the 
security services operate . 

2. (Previously Presented) A method according to Claim 1 further comprising: 
receiving at least one packet of data; and 

applying the security service associated with an identified application instance identifier 
to the at least one packet of data to thereby transform the at least one packet of data, wherein the 
security service is applied to the at least one packet based upon at least one security policy and at 
least one security association. 

3. (Previously Presented) A method according to Claim 2 further comprising: 
receiving the at least one transformed packet of data; and 

applying the security service associated with the identified application instance identifier 
to the at least one transformed packet of data to thereby generate a representation of the at least 
one packet of data, wherein the security service is applied to the transformed at least one packet 
based upon at least one security association. 
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4. (Previously Presented) A method according to Claim 2, wherein providing a 
plurality of security policies comprises providing at least one security policy further including at 
least one selector field having at least one selector value in a format common to a plurality of 
security service protocols, and wherein applying the security service comprises applying the 
security service further based upon the at least one security policy including the at least one 
selector value. 

5. (Original) A method according to Claim 1 , wherein creating at least one security 
association comprises creating at least one security association according to an Internet Key 
Exchange (IKE) technique. 

6. (Currently Amended) An apparatus comprising: 

a processor configured to provide a plurality of security policies to be applied to traffic at 
least one of to or from the apparatus , wherein each security policy includes an application 
instance identifier associated with a security service, at least two application instance identifiers 
being associated with different security services that operate according to different protocols at 
different layers of a multi-layered protocol stack, wherein the processor is configured to apply a 
security service -services associated with an -respective, identified application instance identifier 
identifiers to at least one packet packets of dat a, including applying different security services to 
at least two different packets of data, to thereby transform the at least one packet packets of data, 
wherein the processor is configured to apply the security service- services to the at least one 
packet- packets b ased upon at least one a plurality of security pehey -policies and at least one 
security associati o n associations, and 

wherein the processor is configured to relay the at least one t ransformed pack e t packets 
of data t o a second one or more security gateway gateways configured to apply the security 
semee -services associated with the respective, identified application instance identifier 
identi fiers to the at least one transformed packet- packets of data to thereby generate a 
representation representations of the at least one packet r espective packets of data. 
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7. (Currently Amended) An apparatus according to Claim 6, wherein the processor 
is also configured to create at least one a plurality of security association, and wherein the 
processor is configured to create the at least one security association associations, at least two 
security associations being created based upon at least one respective, different security service 
associated with at least one application instance identifier services to thereby create a centralized 
key store including the plurality of security policies and the at least one security association 
associations, at least one of the security associations being created according to a key 
management protocol that differs from the protocols according to which the security services 
operate . 

8. (Currently Amended) An apparatus according to Claim 6, wherein the processor 
is configured to provide at least one security policy further including at least one selector field 
having at least one selector value in a format common to a plurality of security service protocols, 
and wherein the processor is configured to apply tfee-a_security service further based upon the at 
least one security policy including the at least one selector value. 

9. (Currently Amended) An apparatus according to Claim 6, wherein the processor 
is configured to relay the at least one t ransformed packet -packets of data t o a s e c ond one or more 
security gateway gateways configured to receive the at least one transformed packet -packets of 
data from the processor, and thereafter apply the security service- services t o the transformed at 
least one pack e t packets of data based upon the at l e ast one security association associations . 

10. (Previously Presented) An apparatus according to Claim 6, wherein the processor 
is configured to create at least one security association according to an Internet Key Exchange 
(IKE) technique. 

11. (Currently Amended) An apparatus comprising: 

a security policy database configured to store a plurality of security policies to be applied 
to traffic at least one of to or from the apparatus , wherein each security policy includes an 
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application instance identifier associated with a security service, at least two application instance 
identifiers being associated with different security services that operate according to different 
protocols at different layers of a multi-layered protocol stack; 

a security association database configured to store at least one a plurality of security 
a s sociation associations ; and 

a processor configured to create at least ene -two security association associations based 



upon at least one respective, different security service associated with at least one application 
instance identifier services t o thereby create a centralized key store including the plurality of 



associations being created according to a key management protocol that differs from the 
protocols according to which the security services operate . 

12. (Previously Presented) An apparatus according to Claim 11, wherein the 
processor is configured to receive at least one packet of data, and thereafter apply the security 
service associated with an identified application instance identifier to the at least one packet of 
data to thereby transform the at least one packet of data, and wherein the processor is configured 
to apply the security service to the at least one packet based upon at least one security policy and 
at least one security association. 

13. (Previously Presented) An apparatus according to Claim 12, wherein the security 
policy database is configured to store at least one security policy further including at least one 
selector field having at least one selector value in a format common to a plurality of security 
service protocols, and wherein the processor is configured to apply the security service further 
based upon the at least one security policy including the at least one selector value. 

14. (Previously Presented) An apparatus according to Claim 1 1 , wherein the 
processor is also configured to receive at least one transformed packet of data, and thereafter 
apply the security service associated with an identified application instance identifier to the at 
least one transformed packet of data to thereby generate a representation of the at least one 




security policies and the 



;urity association associations, at least one of the security 
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packet of data, and wherein the processor is configured to apply the security service to the 
transformed at least one packet based upon at least one security association. 

1 5 . (Previously Presented) An apparatus according to Claim 1 1 , wherein the 
processor is configured to create at least one security association according to an Internet Key 
Exchange (IKE) technique. 

1 6. (Currently Amended) A computer program product comprising a computer- 
readable storage medium having computer-readable program code portions stored therein, the 
computer-readable program portions comprising: 

a first executable portion configured to provide a plurality of security policies to be 
applied to traffic at least one of to or from a host, wherein each security policy includes an 
application instance identifier associated with a security service, at least two application instance 
identifiers being associated with different security services that operate according to different 
protocols at different layers of a multi-layered protocol stack; and 

a second executable portion configured to create at least one a plurality of security 
association associations , wherein the at least ene- two security association is associations being 
created based upon at least one respective, different security service associated with at least one 
application instance identifier services to thereby create a centralized key store including the 
plurality of security policies and the at least one security association associations, at least one of 
the security associations being created according to a key management protocol that differs from 
the protocols according to which the security sendees operates . 

1 7. (Previously Presented) A computer program product according to Claim 1 6 
further comprising: 

a third executable portion configured to receive at least one packet of data; and 
a fourth executable portion configured to apply the security service associated with an 
identified application instance identifier to the at least one packet of data to thereby transform the 
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at least one packet of data, wherein the security service is applied to the at least one packet based 
upon the at least one security policy and the at least one security association. 

18. (Previously Presented) A computer program product according to Claim 17, 
wherein the first executable portion is configured to provide at least one security policy further 
including at least one selector field having at least one selector value in a format common to a 
plurality of security service protocols, and wherein the fourth executable portion is configured to 
apply the security service further based upon the at least one security policy including the at least 
one selector value. 

19. (Previously Presented) A computer program product according to Claim 1 6 
further comprising: 

a third executable portion configured to receive at least one transformed packet of data; 

and 

a fourth executable portion configured to apply the security service associated with an 
identified application instance identifier to the at least one transformed packet of data to thereby 
generate a representation of the at least one packet of data, wherein the security service is applied 
to the transformed at least one packet based upon the at least one security association. 

20. (Previously Presented) A computer program product according to Claim 16, 
wherein the second executable portion is configured to create at least one security association 
according to an Internet Key Exchange (IKE) technique. 
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